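package com.tenwa.httpclient;

import com.amarsoft.awe.Configure;
import com.tenwa.httpclient.PyConfig;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * SSLContext helper for the Pengyuan credit-reporting (鹏元征信) client.
 *
 * <p>Two flavours are offered: the JVM default context (system properties
 * {@code javax.net.ssl.keyStore} / {@code javax.net.ssl.trustStore}) and a
 * context built from the key store and trust store named in {@link Configure}.
 * Server certificates presented by the remote service are validated against
 * that configured trust store.
 */
public class PySSLContextUtil {

    /**
     * Returns the JVM default SSLContext.
     *
     * <p>Certificates come from the stores named by the {@code javax.net.ssl.keyStore}
     * and {@code javax.net.ssl.trustStore} system properties. Note that
     * {@link #createCustomerSSLContext()} installs its context as the default, so
     * this method returns that context once it has been called.
     *
     * @return the current default SSLContext
     * @throws NoSuchAlgorithmException if no default context is available
     */
    public static SSLContext createDefaultSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getDefault();
    }

    /**
     * Builds a TLSv1.2 SSLContext whose client certificate and trust anchors are
     * read from the configured JKS files, installs it as the JVM default and returns it.
     *
     * <p>Configuration keys read from {@link Configure}: {@code KEYSTORE_FILE},
     * {@code KEYSTORE_PASSWORD}, {@code TRUSTSTORE_FILE}, {@code TRUSTSTORE_PASSWORD}.
     * The trust manager is initialised from the trust store, so a server whose
     * certificate does not chain to an anchor in that store is rejected during
     * the handshake.
     *
     * @return the initialised context (also now {@code SSLContext.getDefault()})
     * @throws Exception if a store cannot be read or unlocked, or the context
     *                   cannot be initialised (IOException, KeyStoreException,
     *                   UnrecoverableKeyException, KeyManagementException, ...)
     */
    public static SSLContext createCustomerSSLContext() throws Exception {
        Configure config = Configure.getInstance();

        // The file streams are closed as soon as the stores are loaded; the
        // original left both FileInputStreams open for the life of the JVM.
        KeyStore keyStore;
        try (InputStream in = new FileInputStream(config.getConfigure("KEYSTORE_FILE"))) {
            keyStore = getKeyStore("JKS", in, config.getConfigure("KEYSTORE_PASSWORD"));
        }
        KeyStore trustStore;
        try (InputStream in = new FileInputStream(config.getConfigure("TRUSTSTORE_FILE"))) {
            trustStore = getKeyStore("JKS", in, config.getConfigure("TRUSTSTORE_PASSWORD"));
        }

        // NOTE(review): the store is opened with the configured KEYSTORE_PASSWORD but the
        // key entry is unlocked with PyConfig.KEYSTORE_PASSWORD. If the two differ and the
        // entry is protected with the configured value, init throws
        // UnrecoverableKeyException. Kept as the original had it; confirm which is intended.
        KeyManager[] kms = createKeyManager(keyStore, PyConfig.KEYSTORE_PASSWORD);

        // Validate server certificates against the configured trust store. The previous
        // anonymous X509TrustManager with empty check methods accepted any certificate,
        // which removed server authentication from every connection using this context.
        TrustManager[] tms = createTrustManager(trustStore);

        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(kms, tms, null);

        // Process-wide side effect kept from the original: every later
        // SSLContext.getDefault() in this JVM returns this context.
        SSLContext.setDefault(context);
        return context;
    }

    /**
     * Creates key managers (client certificate + private key) from a loaded key store.
     *
     * @param keyStore the loaded key store holding the client key entry
     * @param password password protecting the key entry (not necessarily the store password)
     * @return key managers produced by the platform default algorithm
     * @throws NoSuchAlgorithmException  if the default KeyManagerFactory algorithm is unavailable
     * @throws UnrecoverableKeyException if the key entry cannot be unlocked with {@code password}
     * @throws KeyStoreException         if the key store has not been initialised
     */
    private static KeyManager[] createKeyManager(KeyStore keyStore, String password)
            throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        KeyManagerFactory factory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password == null ? null : password.toCharArray());
        return factory.getKeyManagers();
    }

    /**
     * Creates trust managers from a loaded trust store.
     *
     * @param trustStore the loaded store holding the trusted CA / server certificates
     * @return trust managers produced by the platform default algorithm
     * @throws NoSuchAlgorithmException if the default TrustManagerFactory algorithm is unavailable
     * @throws KeyStoreException        if the trust store has not been initialised
     */
    private static TrustManager[] createTrustManager(KeyStore trustStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Loads a key store of the given type from a stream.
     *
     * <p>The caller owns {@code stream} and is responsible for closing it.
     *
     * @param keyStoreType key store type, e.g. {@code "JKS"}
     * @param stream       stream positioned at the start of the store data
     * @param password     store password used to check integrity; {@code null} skips the check
     * @return the loaded key store
     * @throws KeyStoreException        if {@code keyStoreType} is not supported
     * @throws CertificateException     if a certificate in the store cannot be loaded
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws IOException              on read failure or a wrong password
     */
    public static KeyStore getKeyStore(String keyStoreType, InputStream stream, String password)
            throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // KeyStore.load accepts a null password; the original would have thrown NPE here.
        keyStore.load(stream, password == null ? null : password.toCharArray());
        return keyStore;
    }
}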